Bank Stops Cyberattack Aimed at $4M in County Funds

Thieves targeting funds in Schenectady County, N.Y.’s bank account were denied following a cyberattack that gave them access to county computers. It’s unclear whether they tried to remove all funds at once or in smaller transactions.

by Paul Nelson, Times Union / December 20, 2018

(TNS) — The bank that handles Schenectady County finances prevented cyberthieves from stealing $4 million from the county's account, several people familiar with the matter said.

It appears the computer hackers broke into the county's computer system and remained there before recently trying to transfer the cash electronically, according to the individuals, who requested anonymity because they are not authorized to publicly discuss the situation that is being investigated by cybersecurity experts and state and federal authorities.

It was unclear if the hackers tried to grab the money all at once or in smaller amounts during multiple transactions.

Last week, the county announced that its computer systems at the main county building, the court office and sheriff's office had all been compromised by malware, which is software designed to damage or disable computers.

On Wednesday, Chris Gardner, the county attorney, stressed that though the computer system had been compromised, the county did not take a hit financially.

"We have no knowledge that they were able to breach any data nor were they able to take any money from our financial system," said Gardner. "They shut down the system and we're trying to clean it up."

He said his own email came back online Wednesday and that the IT department is being "very thorough" as they work with outside vendors to purge the system of any malware and fully restore email for county workers in the affected departments.

Big data breaches have become more common, with countries like North Korea and Russia among the leading perpetrators.

Earlier this year, hackers took over and shut down the city of Atlanta's computer system for days in what have become known as ransomware attacks. Health care data is a growing target for hackers.

Last month, the Times Union reported that health and insurance records for more than 128,000 patients and workers at New York Oncology Hematology, a cancer treatment center, were potentially stolen by hackers.

In 2010, hackers over the course of three days tried to transfer $3.8 million from the district's account with NBT Bank to overseas places. The bank was able to reverse most of the transfers, but not all of the stolen funds.

Sanjay Goel, professor and chair of the Information, Security and Digital Forensics Department at the University at Albany School of Business, said Wednesday that malware can get into a system in a variety of ways, including if a user clicks on a link or downloads software from the internet that contains a Trojan horse, a type of malware disguised as legitimate software.

Asked about the Schenectady County hacking, Goel said it seems to have the earmarks of an online crime syndicate where "they're basically trying to do electronic transactions or transfer money."

He said hackers sometimes engage in "passive observation and lateral moves" where once they infiltrate the system, they move across the system until they find what they need to carry out their fraudulent activity.

"One of the things that they could be doing is they could just sit and keep watching your system for a while, seeing what kinds of transactions are going through, and then they replicate the same transactions," he said.

During that dormant period, they could be looking for passwords, downloading software from other places in the machine, or using a key logger to record what a person is typing, including passwords and transactions.

The county, Gardner said, plans to institute new protocols to ensure they are not hacked again.

He did know the status of the probe, which involves the FBI and U.S. Department of Homeland Security, but noted that at least four other counties in the state had also been hacked.

Goel said many banks have safeguards and controls in place to detect suspicious activity and fraud because they are the ones on the hook when the money is stolen.

He said it often becomes a "cat and mouse game" between the banks and cyber thieves as they try to stay one step ahead of each other.

"You need to constantly be monitoring your networks to see who's coming and leaving, looking for fraud and illegal activity. That's what modern security is," said Goel.

He said a lot of county governments are easier targets because they don't have the security expertise or money to pay for the constant monitoring.

"They need to weigh the cost and the benefits of how valuable their information is and how much money they are willing to invest to protect it," he said. "This is not the first time this has happened. It's going to happen again and again. We just need to keep tightening our security and do it more efficiently."

©2018 the Times Union (Albany, N.Y.). Distributed by Tribune Content Agency, LLC.
